Filtered by vendor Tenda
Subscriptions
Total
1069 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27021 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-02-12 | 9.8 Critical |
| Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-27020 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-02-12 | 9.8 Critical |
| Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-27018 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-02-12 | 9.8 Critical |
| Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2024-3909 | 1 Tenda | 2 Ac500, Ac500 Firmware | 2025-02-07 | 8.8 High |
| A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-30378 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-05 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30376 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-05 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30375 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-05 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30371 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30370 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30369 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | 9.8 Critical |
| Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. | ||||
| CVE-2023-30368 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-04 | 9.8 Critical |
| Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function. | ||||
| CVE-2018-14558 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2025-02-04 | 9.8 Critical |
| An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. | ||||
| CVE-2023-30373 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2023-30372 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | 9.8 Critical |
| In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability. | ||||
| CVE-2021-31755 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2025-02-04 | 9.8 Critical |
| An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request. | ||||
| CVE-2020-10987 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-02-04 | 9.8 Critical |
| The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. | ||||
| CVE-2024-57583 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-02-04 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | ||||
| CVE-2024-57575 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-02-03 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | ||||
| CVE-2023-29681 | 1 Tenda | 2 N301, N301 Firmware | 2025-01-30 | 5.7 Medium |
| Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | ||||
| CVE-2023-29680 | 1 Tenda | 2 N301, N301 Firmware | 2025-01-30 | 5.7 Medium |
| Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | ||||